Add new Application & Change User’s Avatar CSRF Vulnerability –

July 19, 2013. This submission was made under the PayPal bug bounty program, and I got paid.
Bug 1, Add new Application: account settings provide an option to add a new application. Because the CSRF token is missing, this vulnerability can be exploited to add an unauthorized application to the user's account without their knowledge.
CSRF Vulnerable URL:

To reproduce this vulnerability I have attached a proof of concept.

Direct Download Link of POC:

Bug 2, Change User's Avatar: this module allows the user's default avatar to be changed.
I found that the CSRF token is missing in the avatar change module, so it can be used to set a user's default avatar forcefully.
CSRF Vulnerable URL:
<form action="" method="GET">
<input type="submit" name="submit">
</form>
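Both bugs above come down to a state-changing request that the server accepts without proof that the user's own page sent it. The following is an added example, not PayPal's code, showing how such an endpoint is hardened: it refuses GET (so a cross-site form like the one above cannot trigger it) and requires a per-session synchronizer token bound to the specific action. The session layout, the avatar names and the handler signature are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; a real service would keep these server-side.
ALLOWED_AVATARS = {"default.png", "cat.png", "dog.png"}


def new_session() -> dict:
    """Hypothetical server-side session; the CSRF secret never leaves the server."""
    return {"user": "alice", "avatar": "default.png",
            "csrf_secret": secrets.token_bytes(32)}


def issue_csrf_token(session: dict, action: str) -> str:
    """Synchronizer token: HMAC of the action name under the session secret,
    so a token issued for one form cannot be replayed against another."""
    return hmac.new(session["csrf_secret"], action.encode(), hashlib.sha256).hexdigest()


def handle_avatar_change_vulnerable(session: dict, method: str, params: dict) -> tuple[int, str]:
    """The behaviour described in the write-up: any request, any method, no token."""
    session["avatar"] = params.get("avatar", "default.png")
    return 200, "avatar set"


def handle_avatar_change(session: dict, method: str, params: dict) -> tuple[int, str]:
    """Hardened version: POST only, valid action-bound token compared in constant time."""
    if method != "POST":
        return 405, "method not allowed: avatar changes must be POSTed"
    expected = issue_csrf_token(session, "change_avatar")
    if not hmac.compare_digest(params.get("csrf_token", ""), expected):
        return 403, "missing or invalid CSRF token"
    avatar = params.get("avatar", "")
    if avatar not in ALLOWED_AVATARS:
        return 400, "unknown avatar"
    session["avatar"] = avatar
    return 200, f"avatar set to {avatar}"


def demo() -> list[int]:
    """Replays four request shapes against the hardened handler; returns status codes."""
    s = new_session()
    codes = []
    # 1. Cross-site GET form, as in the write-up: rejected by method.
    codes.append(handle_avatar_change(s, "GET", {"avatar": "cat.png"})[0])
    # 2. Cross-site POST with no token: rejected.
    codes.append(handle_avatar_change(s, "POST", {"avatar": "cat.png"})[0])
    # 3. Token minted for a different form in the same session: rejected.
    other = issue_csrf_token(s, "add_application")
    codes.append(handle_avatar_change(s, "POST", {"avatar": "cat.png", "csrf_token": other})[0])
    # 4. Legitimate submission carrying the token from the site's own form: accepted.
    good = issue_csrf_token(s, "change_avatar")
    codes.append(handle_avatar_change(s, "POST", {"avatar": "cat.png", "csrf_token": good})[0])
    return codes
```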
Thank you Paypal & for running such a good program – g4h Team.
We Provide Penetration Testing

Yahoo Korea SQL XSS vulnerability

August 9, 2011

Author : Sandeep Kamble
Date : 21/03/2010
Domain :
Risk : High
Status : Fixed


Yahoo Korea has Blog-shop, which is one of the most famous subdomains in Korea.
A cross-site scripting (XSS) vulnerability was found affecting the domain, which at the time of submission ranked 4 on the web according to Alexa.

Exploit Description:

It has SQL injection in the notice_read.html?key script. I was successful in retrieving Yahoo users' cookies from this SQL injection by inserting JavaScript into the SQL injection payload.

POC (Proof of Concept): '/**/UNION/**/SELECT/**/1,2,3,4,@@version,%3Cscript%3Ealert('XSS HERE');</script>,7,8,9,0,1,2,3,4,5,6,7--%20

Yahoo Korea XSS

Special thanks to Gaurav Kumar (


Sandeep Kamble

